Privacy Policy

We appreciate your interest in Democracy by Design. When you visit our website or use our Toolkit (together the „Services“) your personal data may be processed. This Privacy Policy explains how we process personal data and what rights you have in this context.

This privacy policy can be accessed and printed at any time on our website.

I. General Information

This privacy policy informs you about the handling of your personal data when using our Services. In particular, it explains what data we collect and what we use it for. In addition, it informs you about how and for what purpose this is done.

Personal data ("data") is any information relating to an identified or identifiable individual. Processing" of data means any operation performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC ("General Data Protection Regulation", GDPR), as well as in the German Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG).

II. Controller

Responsible for the processing of your data is the

Alliance of Democracies Foundation Bredgade 71, 1. th DK-1260 København K [[email protected]] ("we" or "us")

Controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

III. Scope of Data Processing

We or third parties use and process information that we collect in order to provide you with personalized experiences. We treat your personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. We use the information available to us only as necessary and for the purpose of providing and improving our Services. This includes personalizing features, content and recommendations. Within our organisation, your data is only shared with those who need to access it for the purposes of our Services. We may also disclose your data to our agents and service providers. Such third parties are contractually bound to handle your data in accordance to order processors (Art. 28 GDPR).

IV. Data security

We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by external service providers. Our Services use SSL or TLS encryption for security reasons and to protect the transmission of confidential content that you send to us as the site operator.

V. Processing of Personal Data

The following overview lists all types of data we process, the purposes of their processing, as well as the legal basis for their processing.

1. Visiting our Website

If you visit our website without otherwise (e.g. by using our Toolkit) transmitting data to us, we collect the following data on our web server temporarily and anonymously via server log files:

  • Website from which our website was requested (so-called referrer URL)
  • Name and URL of the requested website
  • Date and time of access to the website
  • Description of the type, language and version of the web browser used
  • IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
  • Message whether access was successful (access status/ HTTP status code)
  • Internet service provider of the accessing system
  • Amount of data transferred in each case
  • Operating system used and its interface
  • the GMT time zone difference

The technical service provider of our website is Scalingo S.A.S, a limited liability company incorporated and operating under the laws of France. Your data will not be stored by Scalingo, it is temporarily logged for technical reasons and will shortly be deleted. You can read the corresponding security regulations of Scalingo under the following link:

This is technically necessary in order to be able to display our website to you. We also use the data for statistical evaluations to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR. The processing of the aforementioned data is necessary for the provision of the website.

This is necessary to ensure the stability and operational security of the website and thus serves to protect a legitimate interest of our company. We also use the data to fulfill our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. c GDPR.

2. Using our Toolkit

If you use our toolkit, we walk you through a series of questions. The information we obtain from these questions is about your company and how data is handled within your company, as well as your concerns about how digital tech affects societies and democracies.

To collect informations from the Questionnaire we use Typeform. Typeform is a service of TYPEFORM, S.L., Bac de Roda 163, 08018 Barcelona, Spain (“Typeform S.L.”).

Typeform stores the answers you share with Typeform anonymously on a Typeform server. The information you provide voluntarily will be stored as content, without the possibility of tracing it back to your person or company. We use the anonymized answers and the voluntary data exclusively for evaluation within the scope of our project purpose.

Your anonymously stored answers and voluntarily provided information in the tool are provided exclusively to us and our project partner in the context of the project. We use the Typeform Questionnaire in the interest of creating an attractive online offer. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 clause 1 lit. f GDPR.

We offer you the option to voluntarily provide your information as a data donation for the purpose of statistical analysis. This data may be anonymously used for statistical evaluation. We may, in certain instances, partially publish this data in an anonymized form. The processing of personal data when donating your data is based on your consent (Art. 6 para. 1 p. 1 lit. a DSGVO).

3. Social media

We are represented on the following social media platforms and process user data in this context in order to communicate with users active there or to offer information about us. We have no influence on the scope of the data that the social network collects. Please inform yourself using the privacy policy of the respective social network:

We point out that user data may be processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective social media providers. In the case of information requests and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

VI. Cookies

In view of the importance of data privacy, and our obligations of transparency, we would like to inform you that we do not use cookies or other tracking techniques on our website.

VII. Data Storage and Deletion

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). This means that we only store your Data for as long as it is necessary for the respective processing purpose and limit the storage period to the minimum necessary.

VIII. Your Rights

You have the following rights:

  • the right to information,
  • the right to rectification or cancellation,
  • the right to restrict processing,
  • the right to data portability,
  • the right to revoke any consent you have given with effect for the future.
  • the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions. To exercise the above rights, you can send us an email at [email protected]. You also have the right to lodge a complaint about the processing of your personal data with a data protection supervisory authority.
IX. Data Transfer / Third Country Transfers

We will only share your data with third parties if you have consented to this or if there is another legal basis. Insofar as we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are met and that your data is processed in the relevant third country in accordance with the European data protection standard. With regard to the United States, we rely on the Data Privacy Framework (DPF), provided that the respective recipient of the data is registered under the DPF with the U.S. Chamber of Commerce. In cases where there is no corresponding adequacy decision, we generally rely on the so-called EU Standard Contractual Clauses (SCC) that we conclude with the respective provider. In addition, in accordance with the requirements of the ECJ ("Schrems II"), a case-by-case risk analysis is carried out with regard to the respective third country transfer in order to ensure that your data is processed lawfully in the third country concerned and, in particular, that access to your data by state authorities is prevented (Transfer Impact Assessment).

X. Linked Content

This Privacy Policy only applies to our Services. However, the Services may also contain external links or hyperlinks to websites of other providers. They are to be distinguished from our own content. This third-party content does not originate from us, nor do we have any influence on the content of third-party sites. If you are forwarded to other pages via links within the website, please inform yourself there about the respective handling of your data.

XI. Profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

XII. Amendment of this Privacy Policy

Due to the further development of our Services and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this Privacy Policy.

September 2023